Petro Verkhogliad wrote:
> Is there a point to using loop-AES with kernel-2.6? CryptoAPI is in the kernel.
> Why not just use it?
1) Loop-AES is about twice as fast on modern x86 boxes.
2) Kernel 2.6 cryptoloop will not work properly with encrypted swap.
Encrypted swap needs memory pre-allocation.
3) kerneli.org and mainline versions are more than two years behind in
security. Both have exploitable vulnerability that is best described as
back door.
4) Uncounted number of bugs fixed in loop-AES that still bite mainline.
5) If Andrew Morton's loop changes get merged to mainline loop, kernel 2.6
cryptoloop will no longer work reliably with journaled file systems.
(same why reason I don't recommend using journaled file systems with
file backed loops)
--
Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
